You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2005/02/03 18:01:02 UTC
OT: Calling milters based on RBL hits?
I know this is slightly OT here, but it is related to spamfighting, and
there are some good sendmail hacks on this list. The concept might prove
useful to others here too.
Concept: I want to be able to greylist email that matches an RBL. I'd
rather not greylist all mail company wide (although I do greylist all mail
to this account) due to latency and multi-smarthost site problems. I also
can't afford the FPs of outright rejecting mail based on RBLs. However, I
can see greylisting all mail that matches an RBL, particularly ones like
DULs and XBL. You could even use fairly "aggressive" RBLs in this fashion..
Setup: Sendmail, milter-greylist, MailScanner, SA.
Currently I use sendmail, and have milter-greylist enabled in "test mode"
so only my account is greylisted. Based on testing with my account, some
MTAs take a few hours (my greylist period is one minute, so any retry will
succeed). The delay is fine for me, but there are others here who expect
email to be relatively quick unless there's an outage. Certainly multi-hour
delays aren't good for some people who are receiving business related files
like price quotes, product specs, tech support, etc.
So, aside from hacking milter-greylist itself, is there a way in
sendmail.cf to only call a milter when a RBL hits? Is there another milter
that can wrap milter-greylist to do this? (ie: sendmail calls
milter-rbl-wrapper, and milter-rbl-wrapper conditionally calls milter-greylist)
Re: OT: Calling milters based on RBL hits?
Posted by Matt Kettler <mk...@evi-inc.com>.
At 01:12 PM 2/3/2005, Kelson wrote:
>I can't speak for Mailscanner, but I know MIMEDefang has some built-in RBL
>functions, and people have posted several greylist implementations that
>work within a MIMEDefang filter. With that setup, you could have MD do
>the RBL lookup and conditionally run the greylist code.
Yeah, I could do that. Mimedefang would effectively be acting as the
"milter that wraps another milter" in this case.
MailScanner definitely could not do this. MailScanner runs post-delivery,
so at that point, any greylisting is impossible.
Re: OT: Calling milters based on RBL hits?
Posted by Kelson <ke...@speed.net>.
Matt Kettler wrote:
> So, aside from hacking milter-greylist itself, is there a way in
> sendmail.cf to only call a milter when a RBL hits? Is there another
> milter that can wrap milter-greylist to do this? (ie: sendmail calls
> milter-rbl-wrapper, and milter-rbl-wrapper conditionally calls
> milter-greylist)
AFAIK, all milters are always called directly from sendmail (assuming
the previous milter accepted the message), so any decision has to be
made within a milter, not within sendmail. In this scenario, you would
have to hack or replace milter-greylist.
I can't speak for Mailscanner, but I know MIMEDefang has some built-in
RBL functions, and people have posted several greylist implementations
that work within a MIMEDefang filter. With that setup, you could have
MD do the RBL lookup and conditionally run the greylist code.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: OT: Calling milters based on RBL hits?
Posted by Andy Jezierski <aj...@stepan.com>.
Matt Kettler <mk...@evi-inc.com> wrote on 02/03/2005 11:01:02 AM:
> Setup: Sendmail, milter-greylist, MailScanner, SA.
>
> Currently I use sendmail, and have milter-greylist enabled in "test
mode"
> so only my account is greylisted. Based on testing with my account, some
> MTAs take a few hours (my greylist period is one minute, so any retry
will
> succeed). The delay is fine for me, but there are others here who expect
> email to be relatively quick unless there's an outage. Certainly
multi-hour
> delays aren't good for some people who are receiving business related
files
> like price quotes, product specs, tech support, etc.
Don't have an answer for you about the milter, but when I was setting up
our greylist I monitored the logs for a few days to find what domains our
company communicated with on a regular basis and whitelisted them. This
took care of the delay problem for the most part, I still get the
occasional complaint from someone whose mail was delayed, but those are
few and very far between.
Andy